ADOPTING AN ASSUME-BREACH MINDSET
As the attack landscape grows and becomes more complex due to the hybrid, hyperconnected world we operate in, state and local organizations must embrace an assume-breach mindset. Assume-breach accepts that breaches are inevitable, shifting the focus from preventing all breaches to minimizing the impact of a breach through security measures, protocols and tools that are designed with the assumption that an attacker may have already compromised parts of the network. Paired with the assume-breach mindset, these security measures, protocols and tools focus on protecting data, detecting unusual behavior and responding quickly to potential threats. Just as cars are equipped with seatbelts and airbags to reduce the fallout of a crash, assume-breach encourages organizations to put proactive measures in place to reduce the impact and damage when the worst occurs.
PRACTICING GOOD CYBER HYGIENE
Complementing an assume-breach mindset is the practice of good cyber hygiene. Progress and the ability to adapt to evolving threats work best when cyber hygiene is prioritized across the entire organization. This includes regular training on cybersecurity concepts such as phishing, ransomware and cloud breaches and fostering a more cyber-literate environment. Prioritizing cyber hygiene is paramount to ensure that state and local organizations are consistently prepared for the possibility of cyber attacks.
In the event a cyber attack does occur, having a well-tested and resilient plan in place is key to minimize impacts. As the entire organization participates in these practices and trainings, leaders can focus on implementing assume-breach security measures, protocols and tools. These measures should include enhancing real-time visibility, identifying vulnerabilities, blocking known ransomware points and strategic asset segmentation. While CIOs may be the ones responsible for implementing these measures, the entirety of leadership must have a firm understanding of these measures and must be held accountable for any cyber incidents. Cybersecurity isn’t something that falls on one person or group of people. Only with full cooperation from everyone, no matter the level of seniority, can organizations enact a cyber defense plan capable of stopping and minimizing attacks from bad actors.
LEVERAGING FEDERAL, STATE AND LOCAL COLLABORATIONS
State and local organizations must fully utilize all collaboration efforts provided by the federal government in order to establish the best defense against cybersecurity threats possible. As part of these efforts, the federal government provides state and local organizations with essential funding, advanced cybersecurity resources and expert guidance. By strengthening collaboration efforts between federal agencies and state and local organizations, the overall cybersecurity infrastructure is fortified at all levels.
Different sectors of government have different cybersecurity issues that must be addressed. To ensure a timely response to incidents across these different sectors, federal, state and local organizations must learn from each other and form an incident response plan that encompasses every sector.
MOVING TOWARD STRONGER CYBER RESILIENCY
Cyber attacks against state and local organizations are an all-encompassing problem that require cyber hygiene practices and collaboration efforts — both internally across organizations and with the help from outside agencies. State and local organizations that take proactive measures, including putting protocols and tools in place, and adopt an assume-breach mindset will be in a better position to address and mitigate future disruptions and cyber attacks.
These steps will better prepare state and local organizations to contain the attacks that inevitably come their way and put them one big step farther down the path to cyber resiliency.
Gary Barlet is public-sector CTO for Illumio.
